A newly uncovered dataset linked to Hallmark has now surfaced on the Have I Been Pwned (HIBP) platform, raising serious cybersecurity concerns. Notably, the breach reportedly exposed the personal data of nearly 1.7 million users following a suspected cyber intrusion in March 2026.
According to initial findings, the cybercriminal group ShinyHunters claimed responsibility for the attack. The group alleged that they extracted sensitive data from Salesforce systems and later released the information after Hallmark failed to meet ransom demands. However, Hallmark has neither confirmed the breach nor clarified whether Salesforce served as the entry point for the attack.
Meanwhile, HIBP conducted its own independent analysis of the leaked dataset. After applying its validation mechanisms, the platform confirmed that the data closely aligns with legitimate user accounts. As a result, affected individuals who subscribed to breach alerts are now receiving notifications.
The compromised dataset includes a wide range of personally identifiable information (PII). Specifically, attackers gained access to email addresses, full names, phone numbers, physical mailing addresses, and even customer support tickets. This breadth of exposed data significantly increases the risk for impacted users.
Furthermore, the involvement of Salesforce suggests that attackers may have targeted a cloud-based customer relationship management (CRM) system. Since CRM platforms typically store extensive customer interaction data, such breaches can lead to deeper exposure beyond basic contact details.
More concerning, however, is the exposure of customer support tickets. These records often contain sensitive, contextual details shared during troubleshooting or account recovery processes. Consequently, cybercriminals could exploit this information to craft highly personalized phishing or social engineering attacks.
Earlier, the ShinyHunters group listed Hallmark on its leak site, claiming it had obtained over 7.9 million records. However, HIBP’s investigation identified approximately 1.7 million unique email addresses, offering a more refined estimate of affected users.
At present, Hallmark has not released an official statement addressing the incident. This lack of confirmation leaves many questions unanswered, particularly regarding the scope of the breach and the security of its systems.
Given the situation, users should act proactively. Experts strongly recommend monitoring for suspicious emails or phishing attempts, as attackers often leverage leaked data to execute scams. Additionally, users should immediately update their passwords and enable multi-factor authentication (MFA) across all related accounts—especially where credentials have been reused.
Ultimately, this incident underscores the growing risks associated with cloud-based platforms and highlights the urgent need for stronger cybersecurity measures across organizations handling sensitive customer data.
Recommended Cyber Technology News:
- WatchGuard, Halo Partner for MSP Security Automation
- Estrella Insurance Strengthens Data Security with 24/7 SOC and Advanced Threat Detection
- Fortreum Acquires Kovr.AI to Boost AI Compliance
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
